Security Methodology and Penetration Testing

CSS - Scirpt is stored and reflected back to teh same or different user. Persistent AttacK. Non Persistent Attack.

CSS - Scirpt reflected as such to the users without getting stored. Persistent AttacK. Non Persistent Attack.

Persistent Attack in CSS is more dangerous than Non-Persistent Attack. True. False.

Identify the root causes for Cross Site Scripting: Improper Input Sanitation. Echoing back user input wihtout validation. Denial of service. Page redirection. Exploiation of trust relationship between teh application adn the end user. User redential theft. Cookie theft adn as a result user Impersonation.

Identify the impacts of Cross Site Scripting: Improper Input Sanitation. Echoing back user input wihtout validation. Denial of service. Page redirection. Exploiation of trust relationship between teh application adn the end user. User redential theft. Cookie theft adn as a result user Impersonation.

Entering the input <script>alert("Hello World")</script> as one of the parameter value in HTTp requestr is an identification mechanism for css. True. False.

Identify counter measures for CSS: Disable scripting in Browser. Disable scripting in email clients. Do not echo user input without proper sanitation. Use Proper filteration on user supplied data. Filer out script tags. Enforce response length. Truncate if extends beyond a certain length. Educate users not to visit sites through the links provided in e-mails or discussion forums.

Method employed by unauthorized users to get access to database content. CSS. SQL Injection. Cross-Site Request Forgery.

IN SQL Injection Hacker would send specially crafted inputs with SQL keywords embedded that would alter the semantics of the Query. True. False.

Using SQL Injection hacker cannot execute a query that he isn't permitted to do. False. True.

Identify root cause for SQL Injection: Insufficient Input Validation. Non-Availability. Breach of confidentiality. Breach of Integrity. Impersonation.

Identify Impacts for SQL Injection: Insufficient Input Validation. Non-Availability. Breach of confidentiality. Breach of Integrity. Impersonation.

Providing all possible SQL Injection prone inputs to check the vulnerability is a good way to identify the possiblity: True. False.

Identify the counter measure (s) for SQL Injection: Proper Input Validation. Use stored procedures than dynamic SQL. Use prepared statements with set methods to provide user input. Grant necessary permissions for accounts that are used to connect to DB.

SSI is: An exploit technique that allows an attacker to send code into a web application, which wil later be executed locally by the web server. SQL Injection via the web server.

Identify the identification method for SSI Injection Attack: Try the below in Test Site "!-#exec cgi="/cgi-bin/hits/pl"--> <!---#exec cmd="ls -al"-->. Proper input validation. disable server side execution feature when not required.

Identify the counter measures for SSI Injection Attack: Try the below in Test Site "!-#exec cgi="/cgi-bin/hits/pl"--> <!---#exec cmd="ls -al"-->. Proper input validation. disable server side execution feature when not required.

Identify the identification method for Malicious File Execution: Try giving a new file in Test PHP page that has the code include $_REQUEST["<Name of the file>'];. validate user input by accepting only "know good" values. isolate applications by using a sandbox. Prevent webservers from making new connections to external websites by adding firewall and prvent remote file include vulnerabilities.

Identify the counter measure(s) for Malicious File Execution: Try giving a new file in Test PHP page that has the code include $_REQUEST["<Name of the file>'];. validate user input by accepting only "know good" values. isolate applications by using a sandbox. Prevent webservers from making new connections to external websites by adding firewall and prvent remote file include vulnerabilities.

Reason for malicious file execution is that teh developers improperly trust input files or concatenate input with file or stream functions. True. False.

Identify the pre-requisite for Cross site Request Forgery. User should be logged into the application or should have an active session ID. Server's trust that the request is coming from a proper user. Atomic Transaction in a single step. No multi factor authentication. Usage of Get parameter.

Identify the reasons for Cross site Request Forgery. User should be logged into the application or should have an active session ID. Server's trust that the request is coming from a proper user. Atomic Transaction in a single step. No multi factor authentication. Usage of Get parameter.

Reauthentication before serivcing sensitive requests and random token included in users session can help remedy cross site request forgery. True. False.

Attack technique intended to misuse thefeatures and functionality provided by the web application is called. Abuse of of functionlaity. Cross site forgery. Cross Site scripting. SQL INjection.

Unhandled execption stack trace thrown back to the user or sensitive information which is recvealed as part of comments in the HTML response is a sign of: Abuse of of functionlaity. Information leakage. Cross Site scripting. SQL INjection.

Being able to access resources which are not part linked to the web application is a sign of: Insufficient Authentication. Information leakage. Cross Site scripting. SQL INjection.

Having hidden links in the web pages or allowing access to any resource without preceding authentication or session validation leads to: Insufficient Authentication. Information leakage. Cross Site scripting. SQL INjection.

http://www.localhost:8080/aviscanner.jsp/id=1234;sessionid=avis1234 is an example of: Insufficient Authentication. Information leakage. Cross Site scripting. Credential/Session Prediction.

Threat modelling is usually done in an iterative manner. At the end of every iteration, the application design has to eb re-visited to aply countermeasures for the threats identified during the earlier cycle. True. False.

Typically multiple iterations will be required before arriving at a finalized list of threats that are not going to be fixed in teh project scope. This list has to be agreed and signed off by the client. True. False.

Choose two threat modeling tools. Microsoft threat. Microsoft threat analysis. Modeling tool v2.0 Beta 2. Beta v2.0 Modeling.